<?php
/**
 *  index file
 * 
 *  @author mario
 *  @package Mailgun
 *  @license http://www.gnu.org/licenses/lgpl.html LGPL
 */
            

# include PEAR files
require 'Mail.php';
require 'Mail/mime.php';
require 'XML/Feed/Parser.php';

# include own classes
require 'Body.php';
require 'Email.php';

# start session
# The session carries the $_SESSION['mailgun']['_sent'] flag that this page reads
# further down to allow a single send per session. The call sits ahead of the
# first HTML output of the page.
session_start();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
    <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
    <title>mailgun 0.1</title>
    <link rel="Stylesheet" type="text/css" href="styles/style.css" />
</head>
<body>
<h1>mailgun 0.1</h1>
<p>
    mailgun 0.1 is a tool that allows you to check webmailer security. Just enter your email address and click send. After that a mail 
    filled with all available vectors from the <a href="http://www.gnucitizen.org/xssdb/">xssDB</a> will be sent to the specified address.
</p>
<p>
    You can use mailgun only once per session - this makes the tool a little inconvenient, but I guess you can imagine the purpose of this mechanism. 
    Please use mailgun responsibly.
</p>
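<?php
    # Page flow: allow one send per session -> show the form -> validate the
    # posted address -> fetch the vectors and send the mail -> mark the session.
    #
    # NOTE(review): the once-per-session flag lives in the visitor's session, so
    # it only throttles clients that keep their session cookie. The form mails an
    # address chosen by the visitor; real abuse control needs a server-side limit
    # (per recipient and per source address) and ideally proof that the visitor
    # owns the mailbox.
    if(!isset($_SESSION['mailgun']['_sent'])) {
    ?>
        <form action="/mailgun/" method="post">
        <fieldset>
        <div>
            <input type="text" name="email" maxlength="255" />
            <input type="submit" value="Send" />
        </div>
        </fieldset>
        </form>    
    <?php
        if(isset($_POST['email'])) {

            # A request can deliver "email" as an array (email[]=...). Only a
            # plain string can be an address; anything else is treated as
            # malformed instead of being handed to preg_match().
            $email = is_string($_POST['email']) ? $_POST['email'] : '';

            # check mail address pattern
            #  - \A and \z anchor on the real start and end of the string. The
            #    former "$" anchor also matched just before a trailing newline,
            #    so an address ending in "\n" passed validation.
            #  - (?!-) rejects a leading hyphen, so the value can never be read
            #    as an option if it ends up on a command line.
            #  - maxlength="255" in the form is only a browser hint, so the same
            #    limit is enforced here.
            if(strlen($email) <= 255
                && preg_match('/\A(?!-)[\w.-]+@[\w.-]+\z/', $email)) {

                # fetch the vectors from the xssDB
                # NOTE(review): the feed is requested over plain http from a
                # third-party host and its content is what gets mailed; confirm
                # that Mailgun_Body limits and checks what it accepts.
                $Body = new Mailgun_Body;
                $Body->setFeedUrl(
                    'http://xssdb.dabbledb.com/publish/xssdb/e31f5ab5-eb91-4bc4-b5a2-9e7a994483f1/xssdbtestview01.rss'
                    );

                # trigger preparation and sending of mail
                # escapeshellcmd() is kept as a second layer; it leaves a value
                # that passed the pattern above unchanged.
                # NOTE(review): escapeshellcmd() escapes a whole command line, it
                # does not quote a single argument. If Mailgun_Mail puts this
                # value on a command line, confirm that it is quoted there.
                $Mail = new Mailgun_Mail($Body->getVectorsFromRSS(),
                                         null, 
                                         "\r\n",  
                                         escapeshellcmd($email) 
                                         );

                # set session vars
                # NOTE(review): the flag is set whether or not sending worked;
                # nothing visible here reports a failure from Mailgun_Mail.
                $_SESSION['mailgun']['_sent'] = 1;
            ?>
                <h2 class="success">email sent</h2>
            <?php               
            } else {
            ?>
                <h2 class="error">Wrong email address format</h2>
            <?php        
            }
        } else {
        ?>
            <h2 class="error">Please enter a valid email address</h2>
        <?php          
        }
    } else {
    ?>
    <h2 class="error">You can only use mailgun once a session.</h2>
    <?php    
    }
?>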
<div id="footer">&copy; <a href="http://mario.heideri.ch/" target="_blank">.mario</a> 2007</div>
<div id="selfpromotion">
    <h3>Other cool stuff</h3>
    <ul>
        <li><a href="http://h4k.in/encoding">PHP charset encoder</a></li>
        <li><a href="http://h4k.in/mailgun">mailgun 0.1</a></li>
        <li><a href="http://phpids.heideri.ch/">PHP&bull;IDS Smoketest</a></li>
        <li><a href="http://h4k.in/dataurl">data: URL testcases</a></li>
    </ul>
</div>
</body>
</html>